CVE-2024-0495

Name of the Vulnerable Software and Affected Versions Kashipara Billing Software version 1.0

Description A critical vulnerability has been found in the HTTP POST Request Handler component of the software, specifically affecting the file party submit.php. The manipulation of the party name argument leads to SQL injection. The attack can be initiated remotely.

Recommendations For Kashipara Billing Software version 1.0, consider restricting access to the party submit.php file until a patch is available. As a temporary workaround, avoid using the party name argument in the affected HTTP POST Request Handler component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.